PDA

View Full Version : IMPORTANT: Uncontrollable removal of images/files on server | Bugs & Solution



Curtis
April 12, 2019, 10:03 AM
Some of our customers faced up a problem that was caused by a bug in the system.
The bug resulted in uncontrollable removal of photos, videos and other files from the file directory.

The problem has been detected in Flynax 4.7.0 and 4.7.1 versions only.
The bug was triggered when a user removed a listing that had a Youtube video uploaded first.
We've fixed it and applied the fix (see below) to all our products in the Customer Area (both to software and patches).

To avoid losing data on your website we suggest that you apply the fix immediately.


1. If you run Flynax 4.7.0 do the following:

Open file /includes/classes/rlListings.class.php and following code ~1978 line



// delete photos
if ($photo = $rlDb->fetch(array('Photo'), array('Listing_ID' => $id), null, 1, 'listing_photos')) {
$GLOBALS['reefless']->deleteDirectory(RL_FILES . pathinfo($photo[0]['Photo'])['dirname'] . RL_DS);
$rlDb->delete(array('Listing_ID' => $id), 'listing_photos', null, 0);
}


Replace it with the following code:



// delete photos
$photo = $rlDb->getOne('Photo', "`Listing_ID` = {$id} AND `Original` != 'youtube'", 'listing_photos');

if ($photo) {
$GLOBALS['reefless']->deleteDirectory(RL_FILES . pathinfo($photo)['dirname'] . RL_DS);
$rlDb->delete(array('Listing_ID' => $id), 'listing_photos', null, 0);
}


2. If you run Flynax 4.7.1 do the following:

Open file /includes/classes/rlListings.class.php and following code ~2149 line



if ($mediaPath = $rlDb->getOne('Original', "`Listing_ID` = {$id}", 'listing_photos')) {
ListingMedia::removeEmptyDir(RL_FILES . dirname($mediaPath), true);
$rlDb->delete(array('Listing_ID' => $id), 'listing_photos', null, 0);
}


Replace it with the following code:



$mediaPath = $rlDb->getOne('Original', "`Listing_ID` = {$id} AND `Original` != 'youtube'", 'listing_photos');

if ($mediaPath) {
ListingMedia::removeEmptyDir(RL_FILES . dirname($mediaPath), true);
$rlDb->delete(array('Listing_ID' => $id), 'listing_photos', null, 0);
}


P.S. We apologize to our all customers for the inconvenience and especially to those, who faced the issue on their sites.

Wei Hong
April 12, 2019, 10:53 AM
Thank you so much for the update. I'm applying it asap

Pete Young
April 12, 2019, 01:01 PM
As quick as we are to say how slow or bad customer service is, it is just as important to say thank you for the prompt and great support. good to see.

Ionut Barabasa
April 12, 2019, 01:17 PM
Deleted all my 10 gb of photos Only backup i had was from 2 months before. :)

Jason Barbour
April 12, 2019, 05:03 PM
Great stuff. Thanks!

John
April 12, 2019, 05:06 PM
Hello Guys, glad to help.

Ivan Amador
April 20, 2019, 05:29 AM
Thanks Curtis and John! Already fixed in my site :)

J Koresh
August 6, 2019, 02:22 PM
I followed the procedure " Open file /includes/classes/rlListings.class.php and following code ~2149 line: but not sure why the CodeLines are not numbered. Could it be cause of the browser Firefox?. Scrolled back and forth couple of times and still in the loop. Flynax, should I open a ticket?.

Any help please. Using 4.7.1

Thanks.

Rudi
August 7, 2019, 05:41 AM
I followed the procedure " Open file /includes/classes/rlListings.class.php and following code ~2149 line: but not sure why the CodeLines are not numbered. Could it be cause of the browser Firefox?. Scrolled back and forth couple of times and still in the loop.


Use some code editor like notepad or sublime to see the line numbers

or create a ticket and we'll help you

J Koresh
August 7, 2019, 09:56 PM
Rudi,
I can create a ticket and PM you the ticket number if you can help.

Errol
August 24, 2019, 07:06 PM
Why not sent this as email to clients. I lost all my files :(

QuickRon
October 6, 2019, 06:09 PM
Hey Guys.
I already had this "fix" applied to my version 4.7.1 ... and today I lost ALL my listing images!! I have a support ticket in on this but I think it's important to mention it here in the forum so others are aware of this. Hopefully, Flynax will permanently fix this serious flaw.

Thankfully, I was able to do a full restore from my cPanel and get everything back, but I could have done without all the added STRESS!!!

And I agree with Errol .... I think Flynax should send an email blast to all customers notifying them of something as serious as this issue. I'm sure that I'm not the only one who had no idea that this thread (and issue!!) even existed on the forum.

Jose luis Lau cruz
October 6, 2019, 08:09 PM
What do you mean? What's going on?

Jose luis Lau cruz
October 6, 2019, 08:13 PM
For some reason, one of my categories lost it formatted forms

Errol
October 8, 2019, 03:04 PM
I agree with QuickRon

"I already had this "fix" applied to my version 4.7.1 ... and today I lost ALL my listing images!!"


I lost my files again ..

Rudi
October 8, 2019, 06:15 PM
I agree with QuickRon

"I already had this "fix" applied to my version 4.7.1 ... and today I lost ALL my listing images!!"


I lost my files again ..

Give me some steps what you did before the images were completely removed ?

QuickRon
October 8, 2019, 08:20 PM
UPDATE: I lost all the folders & files (ie images) in the "files" directory again yesterday (Oct 7th). Twice in 2 days.

Rudi and Flynax are aware of it.

Thankfully, I manually backed up the "files" folder on Oct 6th after the first occurrence, so I quickly restored those files.

The only things that I did in the admin yesterday was to switch the Email settings from phpmail to smtp. I also created a test account and then deleted it later.

BUT before I restored the folders, I noticed something strange. ALL the folders in the "files" directory were gone EXCEPT for the "qrcode" folder. And there was a huge discrepancy between the contents of the "qrcode" folder on the server and the one in my backup. There were much fewer folders in the "qrcode" folder on the server. AND the timestamp of those folders all had the same time which was around the time that I lost all the image files. That seemed really odd to me.

So, I uninstalled the QR Code plugin. And, so far, all the files are still there.

But then again, I haven't done anything else on the site since then.

I do not know if there's any correlation between the QR Code plugin and this issue of deleted image files. Or why this issue is suddenly occurring. Until now, I was thinking that it may be related to the cron, because I had other issues with the cron that were recently fixed by Flynax, and then after that is when I lost all the images.

I'm going to do some more testing and see if this event occurs again.

Errol
October 11, 2019, 04:13 PM
I think one step I did was to go to -> My Lisings > Edit active listings with photo > Then delete a photo

I won't confirm this for you as I am afraid I may lose images again. However I think this is where bug is at

Rudi
October 12, 2019, 02:21 PM
I think one step I did was to go to -> My Lisings > Edit active listings with photo > Then delete a photo

I won't confirm this for you as I am afraid I may lose images again. However I think this is where bug is at

I think you'd better create a ticket to investigate the problem on your site as removing some photo from listing works properly on our end

also check that the file ListingMedia.php from includes > utils is up to date

Curtis
August 19, 2020, 09:30 AM
Hello there,

I've found other one problem which also can remove all files/folders in the "files" directory.
It's actual for users who have software which was upgraded from 4.6.0 (or older) to 4.8.0 and newer.
Scenario of reproducing the problem:
- install Flynax 4.6.0 version or older
- create 2 accounts "test1" and "test2"
- import or create listings with images and assign them to "test1" account
- upload a thumbnail for user "test2"
- upgrade the software to latest version
- go to AP and remove account "test2"


After this operation system will tried to remove account thumbnail, but it have wrong old format.
Now we've added the condition which will prevent all similar problems and removing data from webserver.

1. Please find and open following file: includes/classes/admin/rlAdmin.class.php
Find following code:



// delete folder with thumbnail of account
if ($photo = $rlDb->getOne('Photo', "`ID` = {$id}", 'accounts')) {
$reefless->deleteDirectory(RL_FILES . dirname($photo));
}


And replace it to follow:



// Delete folder with thumbnail of account
if ($photo = $rlDb->getOne('Photo', "`ID` = {$id}", 'accounts')) {
// Old format of account photos
if (is_file(RL_FILES . $photo) && false === strpos($photo, 'account-media/')) {
unlink(RL_FILES . $photo);
} else {
$reefless->deleteDirectory(RL_FILES . dirname($photo));
}
}


2. Find and open file: includes/classes/reefless.class.php

Find following function deleteDirectory()



public function deleteDirectory($dirname = false, $passive = false)
{
if (is_dir($dirname)) {
$dir_handle = opendir($dirname);
}


if (!$dir_handle) {
return false;
}


// passive mode
if ($passive) {
$empty = true;
$file = readdir($dir_handle);


while ($file = readdir($dir_handle)) {
if ($file != "." && $file != "..") {
$empty = false;
}
}


if ($empty) {
rmdir($dirname);
}


return true;
}
while ($file = readdir($dir_handle)) {
if ($file != "." && $file != "..") {
if (!is_dir($dirname . RL_DS . $file)) {
unlink($dirname . RL_DS . $file);
} else {
$this->deleteDirectory($dirname . RL_DS . $file);
}
}
}


closedir($dir_handle);
rmdir($dirname);


return true;
}


And replace to follow:



public function deleteDirectory($dirName = '', $passive = false)
{
$dirName = (string) $dirName;


if (!$dirName || realpath($dirName) === realpath(RL_FILES)) {
$backtrace = serialize(debug_backtrace(DEBUG_BACKTRACE_IGNORE_A RGS));
$error = "Folder deletion failed, folder is missing or it's a system \"/files/\" directory (stack: {$backtrace})";
$GLOBALS['rlDebug']->logger($error);
return false;
}


if (is_dir($dirName)) {
$dir_handle = opendir($dirName);
}


if (!$dir_handle) {
return false;
}


// passive mode
if ($passive) {
$empty = true;
$file = readdir($dir_handle);


while ($file = readdir($dir_handle)) {
if ($file != "." && $file != "..") {
$empty = false;
}
}


if ($empty) {
rmdir($dirName);
}


return true;
}
while ($file = readdir($dir_handle)) {
if ($file != '.' && $file != '..') {
if (!is_dir($dirName . RL_DS . $file)) {
unlink($dirName . RL_DS . $file);
} else {
$this->deleteDirectory($dirName . RL_DS . $file);
}
}
}


closedir($dir_handle);
rmdir($dirName);


return true;
}

Bahram Soltanirad
August 19, 2020, 10:17 AM
So, Curtis... do we need to update 4.7.x ?

Curtis
August 21, 2020, 08:48 AM
So, Curtis... do we need to update 4.7.x ?

This issue can be exist in websites which used old version (4.3.x or 4.4.x or 4.5.x) and after they have been updated to 4.6.x and higher.

Robert Engelke
March 29, 2021, 07:20 PM
Just had this happen to our site, the first fix posted was already in place. haven't added the second fix though. any info on if that is the only thing needed to fix it?